Changed prototype for ssl_set_truncated_hmac() to allow disabling
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 184e2e1..1557d39 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -986,13 +986,16 @@
/**
* \brief Activate negotiation of truncated HMAC (Client only)
+ * (Default: SSL_TRUNC_HMAC_ENABLED)
*
* \param ssl SSL context
+ * \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
+ * SSL_TRUNC_HMAC_DISABLED)
*
* \return O if successful,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
*/
-int ssl_set_truncated_hmac( ssl_context *ssl );
+int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
/**
* \brief Enable / Disable renegotiation support for connection when
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3da7c0b..b9fca44 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3149,12 +3149,12 @@
return( 0 );
}
-int ssl_set_truncated_hmac( ssl_context *ssl )
+int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
{
if( ssl->endpoint != SSL_IS_CLIENT )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
- ssl->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+ ssl->trunc_hmac = truncate;
return( 0 );
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 60e6f7e..ca4d7c7 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -634,7 +634,7 @@
ssl_set_max_frag_len( &ssl, opt.mfl_code );
if( opt.trunc_hmac != 0 )
- ssl_set_truncated_hmac( &ssl );
+ ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );